Sniffing is a data interception technology. Sniffer is a program that monitor or reading all network traffic passing in and out over a network. Telnet, Relogin, FTP, NNTP, SMTP, HTTP, IMAP that all protocol are vulnerable for sniffing because it send data and password in clear text. Sniffing can be use both the ways legally or illegally like for monitor network traffic, network security and for stealing information like password, files from the network. Sniffing can be done both way one is from command line utility and other is from GUI interface. Many network engineers; security professionals and even crackers use these techniques to sniff the network. Sniffing technique also use for ethical hacking. In this article, I will explain you about sniffers and how a sniffer works.

Computers are always communicating with other machine during normal task like web surfing, file sharing, emails etc. A computers are connected on Local Area Network (LAN) means they are sharing a connection with several other computers. There are two types of network like Shared network (using HUB) and one is Switched network (using switch) sniffers work differently on both the network.

In these types of shared network, all hosts are connected with each other through the hub and they are sharing same bandwidth. In Shared network packets broadcast to all ports. Suppose computer A want to send packet to the Computer E then computer A send the packet on network with destination MAC address of Computer E along with source MAC address but in hub network packet will broadcast to every machine ports connected to LAN. If hacker runs a sniffer tool on any of one machine then he can easily grab the data and take your valuable information in no time.It is commonly refereed as theMan in the middle attack This sniffing method is totallypassiveand it is very difficult to detect

In this types of network all host are connected with each other through the switch. Switch maintain table of every computer MAC address.Switch operates at data link layer of the OSI Layer model. Switch does not broadcast all information on network. Switches examine the data packets for source and destination addresses and then forward the data packet to the appropriate destination. so its difficult to sniff switches attacker are using technique that he send bogus MAC Address to fool the switch. Attacker use two method to sniff switch network ARP spoofing and Mac Flooding

ARP spoofingARP stands for Address Resolution protocol. ARP resolves IP address in to MAC address. ARP is stateless protocol if attacker spoof ARP cache with the bogus IP and MAC address then target machine blindly accepts the ARP entry into its ARP table by this way attacker can easily sniff the switch network and gather all the information from it.

MAC flooding
Switch maintain translation table of various MACaddress to the physical ports on the switch to route packet from source to appropriate destination but switch has limited capacity of stored MAC address in its table. If attacker flood the switch table with bogus MAC address until the switches cannot maintain it then switch started work like hub and broadcast all traffic to all ports if hacker sniff any of one machine then he can easily capture all traffic from network.

Tools Used For Sniffing

There a many tools used for sniffing some of the best are mentioned below